Security design of remote maintenance system for nuclear power plants based on ISO/IEC 15408

As a method to reduce periodic inspection time and mean recovery time on fault occurrence, remote maintenance systems for nuclear power plants (NPPs) are proposed, which augment efficiencies in maintenance operations for the plants by surveying them remotely and achieving collaborations between on-site operators and remote plant designers and expert operators [1]. In particular, with the spread of Internet technology and Internet security protection technology in recent years, there is a tendency to build remote maintenance systems using the Internet without dedicated communication lines [2]. However, the biggest concern of customers such as electric power companies is security. It is highly necessary to give assurance of the security of remote maintenance systems coherently and consistently in order to introduce such systems based on Internet technology into NPPs. However, there exist various ways of thinking about security. Furthermore, there has not been a general agreement on how to give assurance of the security of remote maintenance systems for NPPs. So we have applied ISO/IEC 15408 [3] to remote maintenance systems for NPPs. It is used to evaluate the security level of IT products and systems. Based on ISO/IEC 15408, we have listed assets to be protected, threats to the assets, security objectives against the threats, and security functional requirements that achieve the security objectives. Also, we have shown relations between the threats and the security objectives, and relations between the security objectives and the security functional requirements. As a result, we have concretized a necessary and sufficient security design of remote maintenance systems for NPPs that can protect the instrumentation and control (I&C) system against intrusion, impersonation, tapping, obstruction and destruction. In this paper, we describe the background of the remote maintenance systems for NPPs, a summary of the systems, and its security design based on ISO/IEC 15408.